Configuring Event Logging Parameters - Cisco ASR 5500 System Administration Manual

System Logs
• Event: Event logging can be used to determine system status and capture important information pertaining
• Active: Active logs are operator configurable on a CLI instance-by-CLI instance basis. Active logs
• Trace: Trace logging can be used to quickly isolate issues that may arise for a particular connected
• Monitor: Monitor logging records all activity associated with a particular session. This functionality is
• Crash: Crash logging stores useful information pertaining to system software crashes. This information
Important

Configuring Event Logging Parameters

The system can be configured to generate logs based on user-defined filters. The filters specify the facilities
(system tasks or protocols) that the system is to monitor and severity levels at which to trigger the generation
of the event entries.
Event logs are stored in system memory and can be viewed via the CLI. There are two memory buffers that
store event logging information. The first buffer stores the active log information. The second buffer stores
inactive logging information. The inactive buffer is used as a temporary repository to allow you to view logs
without having data be overwritten. Logs are copied to the inactive buffer only through manual intervention.
Each buffer can store up to 50,000 events. Once these buffers reach their capacity, the oldest information is
removed to make room for the newest.
To prevent the loss of log data, the system can be configured to transmit logs to a syslog server over a network
interface.
Important
to protocols and tasks in use by the system. This is a global function that will be applied to all contexts,
sessions, and processes.
configured by an administrative user in one CLI instance cannot be viewed by an administrative user in
a different CLI instance. Each active log can be configured with filter and display properties that are
independent of those configured globally for the system. Active logs are displayed in real time as events
are generated.
subscriber session. Traces can be taken for a specific call identification (callid) number, IP address,
mobile station identification (MSID) number, or username.
available in order to comply with law enforcement agency requirements for monitoring capabilities of
particular subscribers. Monitors can be performed based on a subscriber's MSID or username.
is useful in determining the cause of the crash.
Stateful Firewall and NAT supports logging of various messages on screen if logging is enabled for
firewall. These logs provide detailed messages at various levels, like critical, error, warning, and debug.
Stateful Firewall and NAT attack logs also provide information on the source IP address, destination IP
address, protocol, or attack type for any packet dropped due to an attack and are also sent to a syslog server
if configured in the system. For more information on logging support for Stateful Firewall and NAT, see
the Logging Support chapter of PSF Administration Guide or NAT Administration Guide.
For releases after 15.0 MR4, TACACS+ accounting (CLI event logging) will not be generated for Lawful
Intercept users (priv-level 15 and 13).
Configuring Event Logging Parameters
ASR 5500 System Administration Guide, StarOS Release 21.5
127